{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d0a50b70-1db2-5d03-8e5e-ed1c9e35d84d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.0.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fcc94cca-07cc-5315-bc5c-a6816c61cb89", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1f3f18a-733f-589d-892f-fcb3d1990b26", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc40d09e-69a5-5964-b4b6-2f8b6ec0f9dd", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d58ead99-21ad-5072-8e9a-0b1948cdea4b", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd5011da-e699-5cfc-a22c-a04cbfeb7462", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c6b6018-f98a-50d8-9be1-35f440f052ad", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a61cfe60-7d13-5cff-b863-bb74323682a7", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd520465-fa9d-5a83-bfb5-fd0e7b8943fa", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23527a09-09c1-5f3f-85ae-2614ce4b6645", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cbfe2e1f-54be-5069-8fc1-cf540a34d7ee", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:199bf330-5462-56a3-a825-092ba6a5fff3", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6319232b-6fae-56cc-b9e3-3b9e38a54df0", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b6e0b87-7ba5-5d8e-931a-88a423d5f0e0", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-expression 4.0.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0a778af-28fb-58ea-9274-939c58d4838b", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d37f0cd-4557-56cd-aa98-57066660603e", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f1e8ca1-9ad4-57ee-b838-0a63defd1899", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:468f29f1-cf3e-5b32-a152-0f362e58c95c", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54229664-f87b-50c1-b803-d69d53b8e818", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30459813-0c4e-5cc5-9477-d167a6c3034c", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9c1ba2f-0c92-5c7c-9a9a-92fc25d7f003", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:158c869d-1df1-504b-8bef-0ebafc3b5025", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5605541a-64e0-5662-9598-5ba44cdb9084", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f24a0e7-bcee-5339-ab83-2203541f647f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29c93871-a6ca-59d2-9d30-94859db0bf93", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65ad0836-a585-5c2c-beab-7d1f198cb686", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ac6bf9a-3c0d-5456-a43c-b11fa83019ac", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e22e8f28-87b7-5e5a-9350-071b0d5f308a", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b39df968-0255-5f8e-a739-09c90cb210e8", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:edadbd1c-d819-54c4-97ec-96d201d87a27", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13f8991d-aba2-5555-9e51-786b0290aa5e", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b60eba10-901e-5019-8bae-1fe1b0d804c3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5395241-679b-5488-a1f0-7994b8eb98dd", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cf4f4b4-790b-5b73-b7d1-4cf576586a26", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4994095-5fb4-5151-8e80-062ce8acd113", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9012a010-1f1e-502e-87f4-20e03464f84c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1ce90b2-433a-58e5-a1ef-4e200bd92ca5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5e39a3d-5992-5503-b437-a07f9bb0e600", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc62d16d-575c-5a85-9663-86f086c2b4a7", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1638b6c5-ae19-56a5-8c2b-70ab87e01a5d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc450ef0-4115-5bdf-91c6-d6e89dc08289", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.2" } ] }